We have recently updated our privacy notice and the latest version can be found below. This includes various information including a description of your rights in relation to our handling of your personal data.

Overview – the key information you should be aware of

Effective: May 2023          Last Updated: December 2023

(A) Who we are:

We are InfraRed Capital Partners Limited, a global investment manager based in England.  All references in this policy to “InfraRed”, “our”, “us” or “we” refer to InfraRed Capital Partners Limited, or our group companies and affiliates, as appropriate.  All references in this policy to “our website”, are a reference to the website www.ircp.com. If you wish to contact us about anything in this privacy policy, please email our Data Protection Officer at DPO@ircp.com.

(B) Our values and what this policy is for:

We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information which you can find at section 6.

In line with these values, this privacy policy tells you what to expect when we collect and use personal data about you. We have tried to make it easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.

We are always looking to improve the information we provide to our customers and contacts so if you have any feedback on this privacy policy, please let us know using our contact details in section 12.

(C) Who this policy applies to:

This policy applies to:

1. Visitors to our website (section 2.1);

2. Current and potential investors who are interested in making an application to invest with us (section 2.2);

3. Business partners, potential and actual investors, suppliers and employees of our business partners, potential and actual investors and suppliers (section 2.3);

4. People who contact us with enquiries (section 2.4); and

5. Job applicants (section 2.5).

Depending on our relationship with you we will collect and use your information in different ways. Please go to the sections listed above to find out the information that we collect about you and how we use this information.

(D) What this policy contains:

This privacy policy describes the following important topics relating to your information:

1. How we obtain your personal information (section 1);
2. Collection of your personal information and how we use it (section 2):
3. Our legal basis for using your personal information (section 3);
4. How and why we share your personal information (section 4);
5. How long we store your personal information (section 5);
6. Your rights (section 6);
7. Where we may transfer your personal information (section 7);
8. Risks and how we keep your personal information secure (section 8);
9. Links to other websites (section 9);
10. Changes to this privacy policy (section 10)
11. Children under 16 (section 11); and
12. Further questions and how to make a complaint (section 12).

(E) Your rights to object:

You have various rights in respect of our use of your personal information as set out in section 6. Two of the fundamental rights to be aware of are that you may:

1. ask us to stop using your personal information for direct-marketing purposes, such as event invitations. If you exercise this right, we will stop using your personal information for this purpose. We may continue to use your information to respond to your communications or to otherwise provide our services to you.

2. ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.

You can find out more information in section 6.

(F) What you need to do and your confirmation to us:

Please read this privacy policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.

THE DETAIL – THE KEY INFORMATION YOU SHOULD BE AWARE OF

1. How we obtain your personal information

1.1 You may give us personal information about yourself by using the online forms provided on our website, completing forms for us at our offices, in the process of proving your identity under our Know Your Customer processes, entering into a subscription deed with us or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive information or services from us. If you are a business partner or supplier, you may also give us personal information about you when you ae offering or providing services to us.

1.2 You may provide us with your information voluntarily as described in section 1.1 above, however, we may also receive information about you from third parties such as placement agents, our business partners and suppliers, group companies, public websites, credit checking services and background checking companies, which we refer to as “third party sources” or “suppliers” throughout this policy.

1.3 We may combine information that we collect directly from you with information we receive from third party sources. We may also combine information new collect about you from our website with information we collect offline or that we already have about you.

1.4 We may also passively collect your information when you visit our website through the use of online tracking tools, as described below in Section 2.1.

2. Collection of your personal information and how we use it

2.1 Visitors to our website

(a) What personal information we collect about you

We, or third parties on our behalf, collect and use any of the following information about you and we refer to this as “personal information” throughout this policy:

(i) information you provide when you correspond with us;

(ii) the following information is created and recorded automatically when you visit our website by our service provider, Google Analytics, to collect standard internet log information and details of visitor behavior patterns:

(A) Technical information. This includes: the Internet protocol (IP) address used to connect your computer to the internet address, time of visit, date of visit, HTTP request (the web page or file requested by you), and user agent (type of web browser or other client software that makes the request to the website) which we use to provide cyber security and sometimes to analyze the operational issues with the website or underlying hosting platforms, help diagnose problems with our server and to administer our websites, as well as to gather broad demographic information; the website address and country which requests information to gauge more accurately our users’ demographics; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform; and

(B) Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the name of the website you visit before and after visiting our website (including date and time); time and length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.

(iii) Information such as IP, Network ID, Device ID, HTTP Referrer data, GeoIP Longitude and Latitude is collected and recorded automatically by our service provider when you visit our website through the use of a cookie which collects standard internet log information and details of visitor behaviour patterns to identify whether you are already known to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

(i) to allow you to access and use our website;

(ii) to ensure the security of our website;

(iii) for improvement and maintenance of our website and to provide technical support for our website;

(iv) to recognise you when you return to our website; and

(v) to evaluate your visit to the website and compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

(c) A word about cookies

This website uses cookies – small text files that are placed on your computer that store certain limited information about you. The cookies that we use will only be used for website analytics purposes.

It may also contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages on the website. Web beacons and spotlight tags are simply tools used to obtain generic information about the web pages visited. They are not used to obtain information about specific users.

For detailed information on the cookies and similar tracking technologies we use and the purposes for which we use them, please refer to our cookies policy.

2.2 Current and Potential Investors who are interested in making an application to invest with us

In order to consider each application for investment in an investment fund or account sponsored, managed or advised by InfraRed (an “InfraRed Fund”), to administer existing investments and to comply with applicable laws and regulations, we need to collect certain information about potential investors as well as their relevant directors and beneficial owners. We will provide an applicant with a separate privacy notice which provides information about the types of information used, and the purposes for such usage, as part of the subscription document to be completed by each applicant in relation to their investment in an InfraRed Fund. Investors and potential investors may also receive a copy of this privacy notice by writing to us using the details in paragraph (A) above.

2.3 Our business partners, suppliers and current and potential investors and employees of our business partners, suppliers and current and potential investors

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) work contact information (phone number, postal address, mailing address, email address, social media account, such as LinkedIn);

(iii) your job title;

(iv) your date of birth;

(v) gender;

(vi) information provided when you correspond with us;

(vii) any updates to information provided to us;

(viii) personal information we collect about you from third party sources such as LinkedIn:

(ix) CVs, pitch and tender information;

(x) proof of identification and address;

(xi) visa or work permit documentation;

(xii) details of compensation, expense claims and bank details;

(xiii) information required to access company systems and applications (such as system ID);

(xiv) work hours (overtime and hours worked);

(xv) if you attend our sites, CCTV recordings; and

(xvi) details of how you interact with our emails, email attachments and website.

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

(i) to enable us to receive and manage services from you or your employer (including supplier due diligence, payment and expense reporting and financial audits);

(ii) to contact you with marketing communications which we believe will be of interest to you;

(iii) to assess your working capacity;

(iv) to confirm information on CVs and performance reference checks, to assess you or your employer’s suitability to work for us;

(v) for equal opportunities monitoring;

(vi for health and safety records and management;

(vii) to contact your next of kin in an emergency;

(viii) for security vetting and criminal records checks (where applicable and allowed by law); and

(xi) for CCTV monitoring and other security of company facilities.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

(c) Source of personal information. We may receive some of your personal information from third party sources, such as your employer or your employer’s company website. We may also collect this personal information from publicly-available sources, such as LinkedIn.

(d) Special categories of data. Some of the personal information that we collect about you, or which you or others, provides to us about you, may be special categories of data. Special categories of data include information about your physical and mental health, sexual orientation, racial or ethnic origin, political opinions, and biometric data.

(e) Information we need to provide services to you or your employer, or to receive services from you or your employer. Please note that we need certain types of personal information so that you or your employer can provide services to us or receive services from us. If you do not provide us with such personal information, or if you or your employer ask us to delete it, you or your employer may no longer be able to provide services to us, or we may not be able to supply services to them.

2.4 People who contact us with enquiries

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number;

(v) information provided when you correspond with us; and

(vi) any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above to deal with any enquiries or issues you have about our investment services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. Even if we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes.

Please see sections 2.6 and 2.7 for more details about how we use your personal information.

2.5 Job applicants

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number;

(v) your gender;

(vi) your pension and pay details;

(vii) your qualification details;

(viii) information about your health;

(ix) your date of birth;

(x) your employment history;

(xi) information provided when you correspond with us; and

(xii) any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above to review and progress your job application and administer your personnel record should your application be successful, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you.

Source of personal information. We may receive some of your personal information from third party sources, such as your previous employer or your previous employer’s company website and background checking companies. We may also collect this personal information from publicly-available sources, such as LinkedIn.

Special categories of data. Some of the personal information that we collect about you or which you or others provide to us about you, may be special categories of data. Special categories of data include information about your physical and mental health and racial or ethnic origin.

Please see sections 2.6 and 2.7 of this policy for more details about how we use your personal information.

More detail on how we process applicant data can be found in our Candidate Privacy Notice.

2.6 Additional reasons

Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:

(a) to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. Even if we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;

(b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, claiming on our insurance policies, ensuring the security of company facilities, research and development and to identify business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;

(c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and

(d) to consider, establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

2.7 Further processing

Please contact us using the details in section 12 if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with this Policy, including the purposes set out in this section 2.

3. Legal basis for use of your personal information

3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:

(a) our use of your personal information is necessary to perform our obligations under any contract with you (for example, to provide you with investment services or to comply with the terms of use of our website which you accept by browsing our website); or

(b) our use of your personal information is necessary for complying with our legal obligations (for example, for Know Your Customer processes required by the Financial Conduct Authority); or

(c) where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:

(i) run, grow and develop our business;

(ii) operate our website;

(iii) select appropriately skilled and qualified business partners and suppliers;

(iv) marketing (including our email marketing), market research and business development;

(v) provide investment services to our clients, make and receive payment and provide customer services;

(vi) place, track and ensure fulfilment of orders with our business partners and suppliers; and

(vii) for internal group administrative purposes.

If we rely on our legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details at section 12.

3.2 We may process your personal information in some cases on the basis of your consent (which you may withdraw at any time after giving it, as described below).

3.3 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at DPO@ircp.com and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide investment services to you, or invite you to events.

4. How and why we share your personal information with others

4.1 We may share your personal information with our group companies where it is in our legitimate interests to do so for corporate reporting, administrative purposes or relying on insurance policies.

4.2 We may share your personal information with the following third parties or categories of third parties:

(a) Our service provider, who helps provide this website for us (limited to 2.1);

(b) Our service provider, who hosts our database of contact information for our suppliers, customers and prospective customers (limited to 2.2 and 2.3);

(c) Our service provider, who provides us with marketing, advertising, promotional and communications services (limited to 2.2, 2.3 and 2.4);

(d) Google Analytics, our service provider, who provides analytics support to assist us in the improvement and optimisation of our website (limited to 2.1);

(e) KPMG LLP, our service provider, who provides us with professional advisory services including accountancy, consultancy and tax advice;

(f) Our fund administrators;

(g) Reuters Ltd, our service provider, who provides us with due diligence and other risk management services;

(h) Our service provider who provides us with services to allow us to assess how individuals interact with our marketing materials (limited to 2.1, 2.2 and 2.3)

(h) Our lenders who provide loans in relation to investment products;

(i) Our legal advisors who provide us with professional legal advisory services;

(j) Companies House and similar governmental executive agencies which administer the formation and dissolution of companies, and publishes information about companies and certain other corporate entities; and

(k) Our other service providers and sub-contractors, including but not limited to suppliers of services similar to those listed above, payment processors, suppliers of technical and support services, insurers, recruitment consultants, and cloud service providers.

4.3 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us.

4.4 We will also disclose your personal information to third parties:

(a) where it is in our legitimate interests to do so to run, grow and develop our business:

(i) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;

(ii) as part of a business transaction, such as a corporate reorganization, other change of control, or if substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;

(b) if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(c) in order to protect, enforce or defend our rights or the rights of a third party, or to respond to any claims, to protect the safety of any person or to prevent any illegal activity; or

(d) to protect the rights, property, or safety of us, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purpose of fraud protection and credit risk reduction.

(e) for any other reason that we may notify you of and describe to you.

4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

4.6 If you have given your consent for us to use or share your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5. How long we store your personal information

5. We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Generally, we retain information pursuant to the following guidelines:

(a) For any materials relating to the provision of third-party services, including due diligence reports, we will retain personal information for 7 years from expiry, cancellation or the date of the document.

(b) All data relating to unsuccessful applicants (including CV, assessment notes, pre-employment checks) will be kept for up to 1 year.

The length of time we retain investors personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Accordingly, we apply the following criteria to determine the specific period for which personal information will be stored:

• the period for which the personal information is required for the applicable purposes set out in this Privacy Policy; or
• any statutory limitation period relevant to the personal information; or
• any statutory or regulatory retention period applicable to the personal information.

There may be situations which require us to retain your personal information longer than the period listed above. For instance, we may be legally required to retain your information pursuant to a legal action or hold.

6. Your rights

6.1 European Economic Area (“EEA”) and United Kingdom (“UK”) Rights – If you are a resident of the EEA or the UK, you have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at DPO@ircp.com at any time. You have the following rights:

(a) Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the EEA or UK (as applicable).

(b) Right to update your information. You have a right to request an update to any of your personal information which is out of date or incorrect.

(c) Right to delete your information. You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances.

These circumstances are: (a) if our use of your personal information is no longer necessary; (b) if we rely on your consent to use your personal information, if you withdraw your consent; (c) if we rely on our or another person’s legitimate interests to use your personal information and you object (unless we have overriding legitimate grounds to continue using your information for purposes that do not include marketing); (d) if your personal information has been unlawfully processed; and (e) if your personal information has to be erased to comply with law.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 12.

(d) Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information.

This is a right to ask us to stop using your personal information for certain purposes where: (a) you are unhappy with the accuracy of the personal information, for a period enabling us to verify the accuracy of the information; (b) our use of your personal information is unlawful; (c) we no longer need your personal information for the purposes that we collected it for, but you need the information to establish, exercise or defend legal claims; or (d) you have objected to our ongoing use of the personal information where we are still undertaking a verification exercise to establish whether our legitimate interests override yours and if we can continue using your personal information.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contract details in section 12.

(e) Right to stop promotional communications: You have a right to ask us to stop using your personal information for event organisation purposes. If you exercise this right, we will stop using your personal information for this purpose

(f) Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services.

This right only applies where our use of your information is carried out by automated means and either (i) we use your personal information on the basis of your consent or (ii) we use your information in the performance of a contract.

(g) Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest. If you exercise this right we will no longer use your personal information for the use that you have objected to, unless we can demonstrate that: (a) we have a compelling legitimate grounds for the use that overrides your interests, rights and freedoms; or (b) we need to use the personal information for the establishment, exercise or defence of legal claims.

(h) We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

(i) If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

6.2 United States Privacy Rights. The United States has different privacy laws enacted by state, including but not limited to the California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Public Act No. 22-15 (“CTDPA”), the Utah Code Annotated 13-61-101, et seq. (“UCPA”), and other relevant state privacy laws, collectively, the “US Privacy Laws”.  The US Privacy Laws require us to make specific disclosures about how we collect, use and share the personal information of residents of each respective state who are subject to the each respective US Privacy Law, including the CCPA, VCDPA, CPA, CTDPA, or UCPA. The US Privacy Laws also grant such residents certain rights related to their personal information. This section describes our personal information practices offline and online, and contains these required disclosures and instructions for state residents who wish to exercise their rights under the US Privacy Laws. However, this section does not apply to our treatment of employment-related personal information or other information that is not subject to the consumer-facing US Privacy Laws. That information is available in our separate Candidate Privacy Notice.

(a) We are required under the US Privacy Laws to tell you which categories of “personal information” we collect, and which of these categories we disclose for “business purposes” or for “sale” purposes as these terms are defined under the US Privacy Laws.

In the past 12 months, we have collected personal information from residents of the respective state (e.g., California residents with respect to the CCPA) as described above in section 2.

We may disclose any of these categories of personal information for “business purposes” as this term is defined in the respective US Privacy Law.

(b) We may use personal information we collect for “business purposes” and “commercial purposes” as these terms are defined in the respective US Privacy Law. These purposes are as described in section 3.

(c) We may share personal information we collect with third parties as described in section 4.

(d) Resident rights under the respective US Privacy Law. Subject to certain exclusions included in the respective US Privacy Law, and as relevant to our operations, residents of each particular state have the rights listed below. We may take steps to verify your identity, as permitted or required under the respective US Privacy Law, before we process your request. Verification may include asking you to provide information about yourself that we can match against information already in our possession.

Notice. This means that you can request that we disclose the categories of personal information we have collected about you; the categories of sources from which such personal information is collected; the categories of personal information we have “sold” or disclosed for a business purpose; the categories of third parties to whom the personal information was “sold” or disclosed for a business purpose; and the specific pieces of personal information we have collected about you in the last 12 months.

Deletion. This means that you can request that we delete personal information about you which we have collected from you.

Opt-Out. The US Privacy Laws provide a right to opt-out of the “sale” of personal information as that “sale” is defined in the respective US Privacy Law.  However, we do not “sell” United States consumer personal information for monetary or other valuable consideration.

Equal prices and services. This means that we are prohibited from discriminating against you if you exercise your rights under the respective US Privacy Law.

(e) Agents that you have authorized to act on your behalf may also submit the US Privacy Law requests as instructed below. The agent must also provide evidence that they have your written permission to submit a request on your behalf. If we are unable to verify the authenticity of a request, we may ask you for more information or may deny the request.

(f) United States residents who wish to exercise their rights under this section can contact us by email at DPO@ircp.com.  Please indicate you are a United States resident making a request under the respective policy by indicating your residency in the subject line (e.g., a California Resident should use the subject line “CCPA Request”).

7. Where we may transfer your personal information

7.1 Your personal information may be used, stored and/or accessed by staff operating outside the EEA and UK, including US, China, Australia, South Korea, Mexico, New Zealand and Columbia working for us and other members of our group or our affiliates). Such countries may have different data protection rules than your country, and may not provide an adequate level of protection for your personal data. Personal information collected from US residents may be transferred to, and stored within, the EEA or UK. Further details of persons to whom your personal information may be disclosed are set out in section 4.

7.2 If we provide any personal information about you to any such non-EEA or non-UK members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately (i) in accordance with this privacy policy and (ii) in compliance with applicable privacy laws, including EU Regulation 2016/679 (the “GDPR”), the GDPR as retained in law in the UK (“UK GDPR”) or the UK Data Protection Act 2018 (“DPA”), such as:

(a) by ensuring that the country in which your personal information will be handled has been deemed “adequate” by the UK Government or the European Commission (as applicable); or

(b) by putting in place appropriate safeguards recognized by the GDPR, UK GDPR or DPA (as applicable) such as entering into UK Government or European Commission approved standard contractual arrangements with recipients of your information.

7.3 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us by email at DPO@ircp.com at any time.

8. Risks and how we keep your personal information secure

8.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.

8.2 For this reason, we are committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures, such as physical access controls to premises, staff training, locking files away, file encryption, passwords for systems access, anti-virus software. We are certified under Cyber Essentials Plus, as well as carrying out network penetration testing and multi-tier firewalls testing.

8.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

8.4 Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

9. Links to other websites

9. Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

10. Children Under 13 and between 13 and 16

10. The Site where this Policy is located are meant for adults. We do not knowingly collect personally identifiable data from persons under the age of 16, and strive to comply with the provisions of COPPA (The Children’s Online Privacy Protection Act). If you are a parent or legal guardian and think your child under 13 has provided us with information, please contact us at DPO@ircp.com. Please mark your inquiries “COPPA Information Request.” Parents, you can learn more about how to protect children’s privacy on-line here.

The CCPA establishes an opt-in obligation for children between 13 and 16 years old. If you are a parent or legal guardian and think your child between the ages of 13 and 16 has provided us with information, or if you are a child between the ages of 13 and 16 who has provided us with information, please contact us at DPO@ircp.com. Please mark your inquiries “CCPA Information Request.”

11. Changes to our privacy policy

11. We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page.  We will notify you of any material changes to this policy as required by law. Please check back frequently to see any updates or changes to our privacy policy.

12. Further questions and how to make a complaint

12.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact DPO@ircp.com. You may also write to us at the following address: 1370 Avenue of the Americas, 20th floor, New York NY 10019. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

12.2 In accordance the GDPR or UK GDPR as applicable, in the UK or EEA you may also make a complaint to a supervisory authority for data protection matters (for example, the Information Commissioner’s Office in the UK) or the data protection regulator in the country where you usually live or work or where an alleged infringement of the GDPR or UK GDPR has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.

12.3 In accordance the US Privacy Laws as applicable, in California, Virginia, Colorado, Connecticut, or Utah, you may also make a complaint to a supervisory authority for data protection matters (e.g., the Department of Consumer Affairs in California) or the Better Business Bureau where you usually live or work or where an alleged infringement of the US Privacy Law has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.